By many accounts, Blackberry mobile devices — once considered the gold standard in smartphones — are all but obsolete, thanks to the explosive growth of Android and Apple iOS powered devices. For proof, one needs to look no further than the U.S. government, which at one point was one of Blackberry’s most loyal supporters. However, thanks to many agencies moving to a Bring Your Own Device, or BYOD, model, many of the more than 200,000 Blackberries used by government employees have been replaced with devices from a wide variety of manufacturers.
And while employees are thrilled to use the devices that they’re comfortable with, the shift to a BYOD environment has created a security nightmare for the government. A recent report from the U.S. Army’s Inspector General’s office revealed that the government’s mobile security is lax at best. In fact, the lack of a comprehensive mobile device management plan could spell disaster for the military.
Multiple Devices, Multiple Security Problems
While BYOD is convenient for employees, it does present some security challenges. Not only are employees accessing secure corporate networks remotely, but different operating systems require different security solutions.
Some organizations have addressed this problem by limiting the number of supported devices, or by restricting devices to one operating system. By doing so, IT security can reduce the risks to the organization’s network and data by implementing a comprehensive mobile device management (MDM) plan. All of the devices are centrally controlled, making security updates seamless and immediate. In short, a robust mobile security plan keeps everyone on the same page and protects against unauthorized access by unapproved or dangerous devices.
This level of security is not happening within the U.S. Army, at least at the sites studied: the U.S. Military Academy in West Point, New York, and the Army Corps of Engineers Engineer Research and Development Center in Mississippi. Researchers discovered that more than 14,000 devices are being used without the appropriate cyber-security authorizations. Thousands of these devices, most of which the Army was not even aware of, are regularly accessing sensitive networks and data, potentially creating security vulnerabilities that cybercriminals could exploit.
For example, some Android applications, particularly those acquired outside of approved sources like Google Play or Amazon, contain dangerous malware that could provide criminals with secure passwords or other information that would grant them access to government networks. An unauthorized, unsecured device used by an innocent employee could potentially create a major national security breach when a criminal accesses Department of Defense networks, a fact that is of major concern to both government officials and security experts.
Taking Steps Toward Security
The U.S. government’s inability to effectively manage its BYOD program highlights a major concern for businesses: if the government, with its significant financial and security resources, can’t manage its mobile security plan, how can a small- or medium-sized business manage the same task?
Security experts note that even small businesses can learn from the government’s example and implement a mobile security plan that both protects data and allows employees the freedom to use their favorite devices. In short, organizations should:
- Use a centralized, robust mobile device management application to effectively secure all devices accessing the network and the data contained on them. Ideally, an MDM solution should include authentication, encryption, threat detection and access limitations to protect data on the servers and in transit.
- Have the capability to remotely lock or wipe compromised devices.
- Develop acceptable use policies that govern how employees can use devices to access and store data, and place limits on potentially harmful activities such as app installations or use of geotagging. The Inspector General’s report also noted that employee education and training are necessary to prevent serious security lapses, as in many cases employees are simply unaware of the risks inherent in using mobile devices for work.
Officials note that the government-provided devices — mainly Blackberries — used by high-level employees and officials are secured under the existing MDM policy. However, with more employees turning to their own devices for work purposes, it’s clear that the old policies are no longer adequate.
But for a small business, the government’s BYOD issues only serve to highlight the importance of a mobile security plan. Without one, networks and sensitive data are vulnerable to a devastating leak.
About the Author: Noah Gamer is a driven business leader with experience in Internet marketing, Web software development and security software. Currently, he develops Internet strategy and directs global SEO for Trend Micro.